CVE-2010-3243

moderate-risk
Published 2010-10-13

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."

Do I need to act?

!
38.1% chance of exploitation in next 30 days
EPSS score — higher than 62% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Microsoft

References (10)

http://support.avaya.com/css/P8/documents/100113324
US Government Resource http://www.us-cert.gov/cas/techalerts/TA10-285A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-07...
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-07...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
http://support.avaya.com/css/P8/documents/100113324
US Government Resource http://www.us-cert.gov/cas/techalerts/TA10-285A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-07...
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-07...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
46
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 16/34 · Moderate
Exposure 12/34 · Low